Facebook hackers target small business owners to steal money for ads

It only took 15 minutes for hackers to infiltrate Sarah McTaggart’s single mother in Sydney facebook page.

From there, they also took control of the account she uses to run her small business, wiping out 90 percent of the customer base she’s built over the past four years — almost in an instant.

Their target? The PayPal account she uses to buy Facebook ads for her business.

Sarah McTaggart no longer has access to her business, which she manages through Facebook. (Delivered)

Ms. McTaggart is one of many small business owners who say their Facebook pages have been hacked and fraudulent charges have been made to their PayPal or bank accounts because the scammers are buying ads with their money.

It was last Thursday night when Ms. McTaggart first noticed something was wrong with her Facebook account.

“I was just watching TV and I opened Facebook. I saw that I had received and accepted a friend request from a man in the US to whom I had not sent a friend request,” said Ms. McTaggart.

“Then, about five minutes later, Facebook sent me an email saying that my account had been disabled for violating community standards,” she said.

Hackers have turned Ms McTaggart's Facebook profile into that of a flag linked to ISIS.
Hackers have turned Ms McTaggart’s Facebook profile into that of a flag linked to ISIS. (Delivered)
The hackers had used a well-known technique, previously reported by 9news.com.au, which means changing the profile picture of the account they hacked to that of a flag associated with the terrorist group ISIS.

The ISIS flag violates Facebook’s community standards and automatically triggers a warning that causes Facebook to boot the user from their account.

To keep her out, the hackers also changed Ms. Mc Taggart’s age for her account, making her too young to have a Facebook account.

Ms McTaggart said she immediately took steps to try and report the hack to Facebook and prove her identity and age, but they were unsuccessful.

The hackers then took control of her company page.

“I woke up the next morning to get an email from PayPal saying a $320 payment had been authorized for Facebook ads,” Ms McTaggart said.

Ms. McTaggart said she could not get back the money the hackers spent on Facebook ads through her account from PayPal.
Ms. McTaggart said she could not get back the money the hackers spent on Facebook ads through her account from PayPal. (Delivered)

Ms. McTaggart had previously used the PayPal account to buy ads for her dreadlock business – Better Off Dread – where she makes and maintains dreadlocks for customers and sells accessories.

The mother-of-one said she was devastated to lose access to both her personal and business pages.

Her business, which largely no longer has Facebook, was her livelihood, Ms. McTaggart said.

“It’s so disturbing. Nearly 90 percent of my new business inquiries come through Facebook,” she said.

“Almost all of my communication with my clients is on Facebook, so disabling my account completely cut off my ability to talk to any of those people.

“I’m fully booked with clients until mid-January, and I have no way of confirming appointments with those people. There’s no way they can cancel if they’re sick.”

Ms McTaggart said she was initially confident she would regain access to her accounts.

“I thought, of course, that this would be resolved,” she said.

But after exhausting all the suggestions Facebook’s customer service offered online, Ms. McTaggart said she was frustrated with Facebook’s lack of accountability because there was no number available to call the social media giant directly.

“It slowly dawned on me that this was a pretty complex situation, and there’s really no way to talk to a human on Facebook,” she said.

PayPal had also refused to refund the $320 the hackers spent on advertising, she said.

“PayPal won’t refund that because I had an advertising deal with Facebook,” she said.

“And I haven’t been able to communicate with anyone at Facebook to get them to refund the money.”

A list of the charges Ianni Nicolaou found on his bank account statement after he was hacked.
A list of the charges Ianni Nicolaou found on his bank account statement after he was hacked. (Delivered)

The story of Mrs. McTaggart is known to Ianni Nicolaou, an American real estate agent from Alabama.

Mr Nicolaou had his personal Facebook page and his company page hacked two months ago in August and has been unable to access both since.

“It’s terrible. I’m a broker and it’s imperative to use the platform these days,” Nicolaou told 9News.com.au.

“I have a business page that I run ads through.

“I invested money for my followers, and now it’s gone – out of nowhere.”

After his accounts were hacked, Mr Nicolaou said he was also hit with approximately A$1,800 in charges to the bank account linked to his Facebook business page.

“There was cost; cost after cost. They started at about $100 each and then got bigger and bigger,” he said.

“What frustrated me the most is that there is no confirmation from Facebook. There is no one who can call Facebook and say that you have received fraudulent accusations.

“I’ve literally tried everything, but they’re robots you talk to.

“I feel like this is actually fraud. I can’t talk to a person who wants to help me, but they are happy to take my money.”

Speaking to 9news.com.au, Meta Australia spokesperson Antonia Sanda said the investigative team was working to recover both Ms McTaggart and Mr Nicolaou’s accounts.

“We want to keep suspicious activity off our platform and protect people’s accounts, and are working to restore these accounts to their rightful owners,” she said.

“Online phishing techniques are not unique to Facebook, but we are making significant investments in technology to protect the security of people’s accounts.

“We strongly encourage people to strengthen their online security by enabling app-based two-factor authentication and alerts for unrecognized logins.”

Tips to prevent your Facebook page from being hacked

  • Take action and report an account: People can always report an account, an ad, or a message that they find suspicious.
  • Do not click on suspicious links: Don’t trust messages asking for money, offering gifts, or threatening to delete or block your account (or verify your account on Instagram). To help you identify phishing and spam emails, you can view official emails sent from your settings in the app.
  • Do not click on suspicious links from Meta/Facebook/Instagram: If you receive a suspicious email or message, or see a message that claims to be from Facebook, do not click on any links or attachments. If the link is suspicious, you will see the name or URL at the top of the page in red with a red triangle.
  • Do not respond to these messages/emails: Do not reply to messages asking for your password, social security number, or credit card information.
  • Avoid phishing: If you accidentally entered your username or password in a strange link, someone else may be able to login to your account. Change your password regularly and don’t use the same password for everything.
  • Receive notifications: To turn on two-step verification for additional account security.
  • Use additional security features: Receive notifications about unrecognized logins and turn on two-step verification to increase your account security.

Leave a Comment